You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the main host, if you comment in AddStaticSigningCredential and then make a jwks discovery request, an exception is thrown: CryptographicException: m_safeCertContext is an invalid handle.
In the debugger, at the point of loading the certificate, it looks good. E.g., in IdentityServerExtensions, after using var rsaCert = new X509Certificate2("./testkeys/identityserver.test.rsa.p12", "changeit");, the rsaCert is good. However, at the point of using the cert in DiscoveryResponseGenerator, it appears to be invalid: var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData); is where the exception is thrown, and the x509Key.Certificate in the debugger is completely invalid - all properties throw an exception.
Note: hosts\main\TestKeys\identityserver.test.rsa.p12 and hosts\main\TestKeys\identityserver.test.ecdsa.p12 seem to have been generated with mkcert -pkcs12 identityserver.test.rsa and mkcert -pkcs12 -ecdsa identityserver.test.ecdsa on Dom's machine, but he now reproduces the error, and the problem exists for me if I regenerate the keys with those commands. I've tested as far back as the 6.3.x release branch and reproduced this.
The text was updated successfully, but these errors were encountered:
In the main host, if you comment in AddStaticSigningCredential and then make a jwks discovery request, an exception is thrown:
CryptographicException: m_safeCertContext is an invalid handle.
In the debugger, at the point of loading the certificate, it looks good. E.g., in IdentityServerExtensions, after
using var rsaCert = new X509Certificate2("./testkeys/identityserver.test.rsa.p12", "changeit");
, the rsaCert is good. However, at the point of using the cert in DiscoveryResponseGenerator, it appears to be invalid:var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
is where the exception is thrown, and the x509Key.Certificate in the debugger is completely invalid - all properties throw an exception.Note: hosts\main\TestKeys\identityserver.test.rsa.p12 and hosts\main\TestKeys\identityserver.test.ecdsa.p12 seem to have been generated with
mkcert -pkcs12 identityserver.test.rsa
andmkcert -pkcs12 -ecdsa identityserver.test.ecdsa
on Dom's machine, but he now reproduces the error, and the problem exists for me if I regenerate the keys with those commands. I've tested as far back as the 6.3.x release branch and reproduced this.The text was updated successfully, but these errors were encountered: